Ransomware attacks against small towns require collective defense

There is a war hitting small-town America. Hackers are not only on our shores, but they’re in our water districts, in our regional hospitals, and in our 911 emergency systems.

The target du jour of ransomware hackers is small towns and they have gone after them with a vengeance. Last month, the governor of Texas, Greg Abbott, declared a “Level 2 Escalated Response” as 22 of Texas’s cities were hit simultaneously with ransomware attacks, crippling local government functions. This is only declared when local authorities and first responders cannot deal with a disaster on their own and is only one step below a Level 1 Disaster declaration used for wide-area natural disasters.

This isn’t the first time ransomware hackers have gone after small governments, and it won’t be the last. According to security experts, these attacks were coordinated to hit the 22 cities at once, and evidence points to a single attacker. Now, it has been reported that the attack came from a managed service provider shared by the victims. Clearly the hackers are getting more sophisticated and brazen, representing the first wave of more virulent cyberattacks impacting the daily lives of average citizens.

Cybercriminals are targeting cities

Why are hackers suddenly interested in Main Street versus Wall Street? It seems that the criminal cyber-gangs have graduated from the old bank robber principle of going after “where the money is” and are now targeting the perfect combination of insurance coverage and vulnerability. And small government and healthcare entities have just that. They host services critical to everyday life in those areas; court records, real estate transactions, utility bills, and emergency services.

Other targeted services, like 911 phone systems, police, or emergency rooms, sit at the center of the dilemma of whether to pay off the criminals quickly or work to thwart their efforts with technology. Many small government entities lack sophisticated cyber-controls and may not have dedicated IT resources on standby. For others, they rely on local contractors who are on-call for “break-fix” type support but are incapable of responding to sophisticated cyberattacks.

Hackers have figured out that. While individual hauls might not be as large as other targets, the likelihood of being paid is high, particularly since most of these smaller entities have insurance to pay out in the event of various disasters, including cyber.

Moving forward: Circle the wagons

Early success has drawn the attention of the hacker beehive to small government and healthcare entities, and every expectation is that attacks will intensify before they abate. Now that the vulnerabilities have been exposed, there is no easy fix to this situation. Even if smaller cities had the resources to pay for top security talent, the prospects for onsite support is limited due to employment shortages of security pros. And as long as insurance companies continue paying, the hackers will keep coming to the trough. Small towns are not going to solve this problem on their own.

One of the most promising ideas being circulated is a coordinated, pooled cyber defense fund. Ideally, this would be organized at the state level, but leverage federal funds earmarked for cyber defense. A proposed model would use a centralized workforce operating a shared Security Operations Center (SOC) for the benefit of multiple small towns.

This arrangement would offer a Fortune 500 level of IT security for a small monthly fee, not unlike the flood insurance pools used for hurricane recovery. The federal government’s participation would also come with a law enforcement investigation component that could deter some cyber thieves. Until our small town cyber defenses stop looking like the infamous Maginot Line, cyber thieves will continue to blitzkrieg them with ransomware.